
Docket No. 70066 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Applicant:  BADAMO et al.
Serial No.: 09/816,883
Filed:      March 23, 2001
Art Unit:   2131
Conf. No.:  6901
For:        SYSTEM AND METHOD...
Dated:      June 14, 2002

RECEIVED
Technology Center 2100



Hon. Commissioner of Patents 
and Trademarks 
Washington, D.C. 20231 



Sir: 



Enclosed please find new formal drawings for the above-identified 
application. 



JJM:jms 

Enclosures: Formal Drawings (11 sheets)

SCARBOROUGH STATION 
SCARBOROUGH, NEW YORK 10510-0827 
(914)941-5600 
Dated: June 14, 2002 

I HEREBY CERTIFY THAT THIS CORRESPONDENCE IS BEING 
DEPOSITED WITH THE UNITED STATES POSTAL SERVICE AS EXPRESS 
MAIL, ON TICKET NO. EV071197093US IN AN ENVELOPE ADDRESSED
TO: COMMISSIONER OF PATENT AND TRADEMARKS, WASHINGTON, 
DC 20231 

McGLEW AND TUTTLE, P.C. 

BY: [signature] DATE: June 14, 2002

70066.7 



Respectfully submitted
for Applicant(s),

By:

Reg. No. 31,903
(914)941-5600



[Sheet 3/11]

[Fig. 2A: block diagram. Labels: Physical Interface; Ingress Processor System; Egress Processor System.]

[Fig. 2B: block diagram. Labels: LC1; Ingress Processor 1; Egress Processor 1; LC2; Ingress Processor 2; Egress Processor 2.]



[Sheet 4/11]

[Fig. 3: block diagram. Labels: Network Interface; LC-2 through LC-8; FC(s); DC; SC-1 through SC-6; SC Static Bus; SC Dynamic Bus (pri.); SC Dynamic Bus (sec.); CC(s); EMS and Other Interfaces.]



[Sheets 5/11 and 6/11: drawings, no legible text.]



[Sheet 7/11]

[Fig. 6: block diagram. Labels: SC Ingress Processor; Bus Interface; Ingress Bus; Ingress Security Processor; Egress Processor FPGA Interface; Egress Network Processor Interface; Egress Bus.]



[Sheet 8/11]

Fig. 7A (flowchart; reference numerals 700, 702, 704, 706, 708, 710, 712, 714, 716)

THE TWO SECURITY ASSOCIATIONS, AT THE SECURITY SUBSYSTEMS,
ESTABLISH A SHARED SECRET KEY TO BE USED FOR SYMMETRIC
BLOCK ENCRYPTION (E.G., A DIFFIE-HELLMAN KEY EXCHANGE).

USE ONE OF THE EGRESS SECURITY SUBSYSTEM AND INGRESS
SECURITY SUBSYSTEM TO HOST THE SECURITY ASSOCIATION

MAIN MODE AND QUICK MODE IKE EXCHANGES ARE PERFORMED TO
ESTABLISH A SECURITY ASSOCIATION WITH A REMOTE PEER

A "DELETE NOTIFICATION" MESSAGE ENCRYPTED
WITH THE ISAKMP SA KEY IS CREATED AND SENT
TO THE CCM ON THE CONTROL CARD

THE SERVICE CARD IDENTIFIER IS RECORDED AT THE
CCM, AND PEER ADDRESS FOR THE NEWLY CREATED
SECURITY ASSOCIATION IS RECORDED AT THE CCM

KEY, ENCRYPT SESSION DATA

FORM AND SEND SECURITY MESSAGE INCLUDING AUTHENTICATION
FOR AUTHENTICATING THE TRANSMISSION OF THE SESSION DATA

CHECK AUTHENTICATION AT RECEIVER SUBSYSTEM

DECRYPT THE SM BY THE RECIPIENT USING THE SHARED
SECRET KEY OF STEP 700. THE DECRYPTED SESSION DATA
IS THEN LOADED INTO THE SECURITY SUBSYSTEM TABLES.



[Sheet 9/11]

Fig. 7B (flowchart; reference numerals 720, 722, 724, 726, 728, 730, 732)

USE ONE OF THE EGRESS SECURITY SUBSYSTEM AND INGRESS
SECURITY SUBSYSTEM TO HOST THE SECURITY ASSOCIATION

MAIN MODE AND QUICK MODE IKE EXCHANGES ARE PERFORMED TO
ESTABLISH A SECURITY ASSOCIATION WITH A REMOTE PEER

A "DELETE NOTIFICATION" MESSAGE ENCRYPTED
WITH THE ISAKMP SA KEY IS CREATED AND SENT
TO THE CCM ON THE CONTROL CARD

THE SERVICE CARD IDENTIFIER IS RECORDED AT THE
CCM, AND PEER ADDRESS FOR THE NEWLY CREATED
SECURITY ASSOCIATION IS RECORDED AT THE CCM

FORM AND SEND SECURITY MESSAGE INCLUDING AUTHENTICATION
FOR AUTHENTICATING THE TRANSMISSION OF THE SESSION DATA

CHECK AUTHENTICATION AT RECEIVER SUBSYSTEM

LOAD THE SESSION DATA INTO THE SECURITY SUBSYSTEM TABLES.



[Sheet 10/11]

Fig. 7C (flowchart; reference numerals 740, 742, 744, 746, 748, 750)

USE ONE OF THE EGRESS SECURITY SUBSYSTEM AND INGRESS
SECURITY SUBSYSTEM TO HOST THE SECURITY ASSOCIATION

MAIN MODE AND QUICK MODE IKE EXCHANGES ARE PERFORMED TO
ESTABLISH A SECURITY ASSOCIATION WITH A REMOTE PEER

A "DELETE NOTIFICATION" MESSAGE ENCRYPTED
WITH THE ISAKMP SA KEY IS CREATED AND SENT
TO THE CCM ON THE CONTROL CARD

THE SERVICE CARD IDENTIFIER IS RECORDED AT THE
CCM, AND PEER ADDRESS FOR THE NEWLY CREATED
SECURITY ASSOCIATION IS RECORDED AT THE CCM

FORM AND SEND SECURITY MESSAGE

LOAD THE SESSION DATA INTO THE SECURITY SUBSYSTEM TABLES.



[Sheet 11/11]

[Fig. 8: block diagram. Labels: SC Ingress Processor; Bus Interface; Ingress Bus; IKE Subsystem; Ingress Security Processor; Egress Processor FPGA Interface; Egress Network Processor Interface; Egress Bus.]



